Ports Used by Cloudera Director

Cloudera Director needs to communicate with each of the nodes in the clusters that it manages. The simplest way to achieve this, if your organization's security policies allow it, is to enable all network traffic between Cloudera Director, cluster instances, and the Cloudera Manager node using any protocol on any port. You can do this in AWS by creating a security group for your VPC that allows traffic between its members and assigning this security group to Cloudera Director, Cloudera Manager, and all cluster instances. With this approach, you do not have to specify each port that is required by Cloudera Manager.

| Type        | Protocol | Port Range | Source            |
|-------------|----------|------------|-------------------|
| ALL Traffic | ALL      | ALL        | security_group_id |
| SSH (22)    | TCP (6)  | 22         | 0.0.0.0/0         |

In a restricted network environment, you may want to enable minimal network traffic between instances and keep open ports to a minimum.

Minimally, open port 22 for traffic to allow SSH access to the Cloudera Director server. If using SSH tunneling, the other Cloudera Director ports below are not required.

Minimally, the Cloudera Director server needs SSH (port 22) access to every node in the cluster.

Open outbound port 123 so that the Cloudera Manager and cluster nodes can access an NTP time server.

Optionally, open port 7189 on the Cloudera Director server to enable access to the Cloudera Director web UI. You can also configure Cloudera Director to use HTTPS. To use a non-default port for the Cloudera Director web UI, add the server.port property to the server application.properties file and specify the desired port number. To enable HTTPS, configure the server.ssl.* settings in the SSL section of the application.properties file.

Optionally, open port 7180 on the Cloudera Manager instances so that the Cloudera Director server can use port 7180 to interact with the Cloudera Manager API. (Otherwise, Cloudera
Director will use SSH tunnels on port 22 to communicate with Cloudera Manager.)

The Cloudera Director server needs outbound access on ports 80 and 443 to retrieve packages for initial installation, for metering access, and to reach the AWS, Azure, and Google APIs. Refer to the AWS, Azure, and Google documentation for the exact domains.

For information on ports used by Cloudera Manager and CDH, see Ports in the Cloudera Manager documentation.

The following table summarizes the Cloudera Director port requirements described above:

*You can restrict access to archive.cloudera.com and metering.cloudera.com if you have an internal parcel repository and Cloudera Manager repository, and are not using usage-based billing (which
requires metering), but your instances still require access to your cloud provider's REST APIs through HTTP or HTTPS.
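
The restricted-network requirements above can be checked against a security group's actual ingress rules. The following is an added example, not Cloudera's code: it audits rules in the IpPermissions shape returned by EC2 DescribeSecurityGroups. The role labels, the finding codes, and the choice to report 0.0.0.0/0 on any port other than 22 are assumptions of this example, and the sample rules are constructed.

```python
import json

# Inbound TCP ports named on this page, keyed by hypothetical role labels.
# Cloudera Manager and CDH ports are documented separately and not covered.
ALLOWED_INBOUND = {
    "director": {22, 7189},  # SSH, plus the optional web UI port
    "manager": {22, 7180},   # SSH from Director, plus the optional CM API port
    "cluster": {22},         # SSH from Director
}
ANYWHERE = "0.0.0.0/0"

def audit_ingress(role, permissions):
    """Return sorted (code, detail) findings for one group's ingress rules."""
    allowed = ALLOWED_INBOUND[role]
    findings = set()
    for perm in permissions:
        proto = perm["IpProtocol"]
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        if proto == "-1":
            # "ALL Traffic" is only expected with a security group as source.
            for cidr in cidrs:
                findings.add(("all-traffic-from-cidr", cidr))
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        span = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        listed = proto == "tcp" and all(p in allowed for p in range(lo, hi + 1))
        if not listed:
            findings.add(("port-not-listed", span))
        # Policy choice of this example: only SSH may be sourced from anywhere.
        if ANYWHERE in cidrs and (lo, hi) != (22, 22):
            findings.add(("open-to-internet", span))
    return sorted(findings)

# Constructed sample; sg-EXAMPLE is a placeholder group id.
SAMPLE = json.loads("""[
  {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}], "IpRanges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 7189, "ToPort": 7189, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 7180, "ToPort": 7183, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "udp", "FromPort": 123, "ToPort": 123, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
]""")

if __name__ == "__main__":
    for code, detail in audit_ingress("director", SAMPLE):
        print(f"{code}: {detail}")
```

In a restricted deployment that also opens the Cloudera Manager and CDH ports between nodes, extend the per-role sets from the Cloudera Manager port documentation before relying on the output.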